Recently, researchers of SANS Technology Institute warn about a new Netflix phishing scam which leads victims to sites with the valid Transport Layer Security (TLS) certificates.
On Wednesday, the Johannes Ullrich, dean of researchers at the SANS Technology Institute, said that there had been an upmark in the Netflix phishing emails scam by using the TLS-certified sites.
Johannes Ullrich also added some bad actors behind the phishing attacks would take benefits of unpatched plugins or installs, or by using the weak passwords, only to compromise common-suspect CMS software, like Drupal or WordPress. From there, they can easily create some phishing sites that might be mistaken for the real Netflix domains. In some instances, they are using wildcard DNS records.
The researcher also said on the blog post, with the use of a wildcard DNS record, *anything.domain.com will point directly to the similar IP address. The attackers will use a hostname/subdomain to start the attacks. But the researcher has also seen them by using some specific domain names which are registered for the phish.
However, the attacker can obtain a TLS certificate for a hostname which is related to Netflix, like netflix.login.domain.com or netflix.domain.com; it helps the site in escaping being flagged by safe-browser software.
Ullrich also said that the initial spoofed emails are the weakest part of the campaign, and it is very easy to spot.
He also added their words on a blog post that the email was marked as spamming, and is not worded that well. In this case, the link went to the hxxps://www.safenetflax.com; this domain registered only to impersonate Netflix. This type of domains is no longer resolves.
After clicking on the given link, Ullrich found that the websites will appear authentic and seem similar to the real Netflix, he said that there is only one modification which he can spot is that the alternative login methods like Facebook are missing.
Whereas the Netflix accounts are not particularly important, but the Ullrich said that he had seen them to offered $0.20-0.50 per account, the attack might be tempting to cyber-criminals as it can be easily automated and also very hard for the victims to spot.
If a Netflix account is compromised, then it can frequently be used for a long time undetected as Netflix allows the multiple simultaneous streams for its standard and the premium accounts, said by Ullrich in their blog post. Unless the genuine user gets ‘kicked off’ for using too many streams, the reasonable user will never know that there is someone else who is using their account.”
Over the years, the technique of using the TLS for phishing attacks has been considerably increased; last year, Zscaler said that they saw 400 percent boost in phishing attempts which delivered with SSL/TLS over 2016.
Deepen Desai, the director of security research at Zscaler said in a post about the drastic increase in the percentage; some hackers are posting phishing pages on valid domains that they have compromised. Many of these legitimate sites was supporting the SSL/TLS, and there are few network security solutions which can support the inspection of encrypted packets at scale.
However, Ullrich also mention in their post that ultimately the bad actor could have made a mistake by using TLS; as it is easy for Netflix or even for others to find the sites through the certificate transparency logs easily; and he doubts that many of the users would notice if the site did not use TLS.
Though the Netflix phishing campaigns have been continuing for years, but on a recent new range of fake email and some malicious links appear to have cropped up, with a variety of law enforcement advice citizens to be lookout for the scams.
A wave of police forces in Canada, for instance, has recently warned the public of a phishing scam that engages bad actors to impersonate Netflix to acquire victims banking information

Google Assistance is an example of artificial intelligence. It was introduced by Google. It has extensive use from reminding for a birthday gift to waking you up early for your job. Google A… Read More

It is always a wise decision to upgrade and update all the applications of any electronics. It not only ensures that you are enjoying the new and latest features added to it but you are also… Read More

If you feel uncomfortable with the idea of staying around old voice recordings, we present you a simple way to clear the data on your Alexa devices to help you be relaxed.
Clearing Alexa His… Read More

With the use of Automatic Setup in iOS 11, you will be able to set up your iPhone and iPad a little more swiftly. The automatic setup allows you to transmit your settings and Apple ID associ… Read More

Despite being a hardcore device, the GoPro camera has been found to have a soft spot in it. The camera can capture the high-quality videos in rough conditions and the sportspersons love to c… Read More

Anyone who marks their presence on the web must be aware of Gmail. It is one of the most widely used email platforms of Google. Gmail has over a billion users around the planet. Gmail has ev… Read More

Before hitting the mission, check that battery of your laptop is charged sufficiently to last all day. There are several ways to save your battery including Battery Saver option in Windows 1… Read More